CVE-2025-0838

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Abseil versions prior to commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 Abseil versions prior to 20230802.1-4ubuntu1.2 Abseil versions prior to 0~20200923.3-2+deb11u1

Description Abseil-cpp contains a heap buffer overflow issue. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not enforce a limit on the size of their input argument. This allowed a malicious actor to provide a large size, causing an integer overflow when calculating the container's backing store size, leading to an out-of-bounds memory write. Subsequent access to the container could also result in out-of-bounds memory access. The issue could potentially allow an attacker to cause a denial of service or memory corruption.

Recommendations Upgrade to a version past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1. Upgrade to version 20230802.1-4ubuntu1.2. Upgrade to version 0~20200923.3-2+deb11u1.

Fix

RCE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

AZL-76815

AZL-76853

AZL-76968

AZL-77043

BDU:2025-10265

CVE-2025-0838

DLA-4116-1

ECHO-BA22-656A-8E69

OESA-2025-1219

OPENSUSE-SU-2025:15473-1

SUSE-SU-2026:0190-1

SUSE-SU-2026:0338-1

SUSE-SU-2026:0381-1

SUSE-SU-2026:0412-1

SUSE-SU-2026:0576-1

SUSE-SU-2026:20268-1

SUSE-SU-2026:20361-1

USN-7505-1

Affected Products

Abseil-Cpp

Astra Linux

Debian

Linuxmint

Red Os

Ubuntu

CVE-2025-0838

Weakness Enumeration

Related Identifiers

Affected Products

References · 49